Enable signature verification of kexec kernel and use new Mariner Tru… #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) Microsoft Corporation. | |
| # Licensed under the MIT License. | |
| name: Spec Linting | |
| on: | |
| push: | |
| paths: | |
| - '**.spec' | |
| branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*] | |
| pull_request: | |
| paths: | |
| - '**.spec' | |
| branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*] | |
| jobs: | |
| spec-lint: | |
| name: Spec Linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the branch of our repo that triggered this action | |
| - name: Workflow trigger checkout | |
| uses: actions/checkout@v4 | |
| - name: Get base commit for PRs | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| git fetch origin ${{ github.base_ref }} | |
| echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV | |
| echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" | |
| - name: Get base commit for Pushes | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| git fetch origin ${{ github.event.before }} | |
| echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV | |
| echo "Merging ${{ github.sha }} into ${{ github.event.before }}" | |
| - name: Get the changed files | |
| run: | | |
| echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" | |
| changed_specs=$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; }) | |
| echo "Files to validate: '${changed_specs}'" | |
| echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV | |
| - name: Main branch checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: 'main' | |
| path: 'main-checkout' | |
| # Our linter is based on the spec-cleaner tool from the folks at openSUSE | |
| # We apply a patch to modify it for Azure Linux's needs | |
| - name: spec-cleaner checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'rpm-software-management/spec-cleaner' | |
| ref: 'spec-cleaner-1.2.0' | |
| path: 'spec-cleaner' | |
| # For consistency, we use the same major/minor version of Python that Azure Linux ships | |
| - name: Setup Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| # We take our version of the linting tool from the master branch to ensure rules | |
| # are consistent across all branches | |
| - name: Patch spec-cleaner with Azure Linux-specific lints | |
| run: | | |
| pushd spec-cleaner | |
| git apply ../main-checkout/.github/workflows/azurelinux-spec-cleaner.patch | |
| popd | |
| - name: Install patched spec-cleaner | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ./spec-cleaner | |
| # Set continue-on-error to true if we're blocking too many PRs here | |
| # We don't want this tool to have a low signal-to-noise ratio | |
| - name: Lint changed spec files | |
| run: | | |
| touch linted_specs.diff | |
| spec-cleaner -d --diff-prog="git --no-pager diff" ${{ env.updated-specs }} | tee linted_specs.diff | |
| if [ -s linted_specs.diff ] | |
| then | |
| echo -e "\n====================== LINTING FAILED ======================" | |
| echo "Specs are not correctly formatted." | |
| echo "A diff of the changes required is printed above." | |
| echo "Linting output is available in the linted_specs artifact." | |
| echo "Please properly format your specs according to the output before merging." | |
| exit 1 | |
| fi | |
| exit 0 | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: linted_specs | |
| path: linted_specs.diff | |
| if-no-files-found: ignore |